cdn-ops/global/overlay/etc/puppet/modules/cdn/files/mqtt/sunet-cdn-mqtt

#!/bin/bash

# Mosquitto is running with a user that is not privileged enough to read files
# directly from the certbot dirs, so copy files to where mosquitto expects
# them.

set -eu

le_dir="/etc/letsencrypt/live/$(hostname -f)"
mosquitto_dir="/etc/mosquitto"

le_fullchain="$le_dir/fullchain.pem"
mosquitto_fullchain="$mosquitto_dir/certs/fullchain.pem"
install -m 644 -o mosquitto -g root "$le_fullchain" "$mosquitto_fullchain"

le_key="$le_dir/privkey.pem"
mosquitto_key="$mosquitto_dir/certs/privkey.pem"
install -m 600 -o mosquitto -g root "$le_key" "$mosquitto_key"

# Tell mosquitto to reload certs
pkill -x -HUP mosquitto
Add certbot deploy script for mosquitto 2024-10-10 08:13:04 +00:00			`#!/bin/bash`

			`# Mosquitto is running with a user that is not privileged enough to read files`
			`# directly from the certbot dirs, so copy files to where mosquitto expects`
			`# them.`

			`set -eu`

			`le_dir="/etc/letsencrypt/live/$(hostname -f)"`
Remove trailing "/" in dir path 2024-10-10 08:36:00 +00:00			`mosquitto_dir="/etc/mosquitto"`
Add certbot deploy script for mosquitto 2024-10-10 08:13:04 +00:00
mqtt: fix certfile usage Use fullchain.pem instead of cert.pem which fixes "certificate signed by unknown authority" problems. Also point cafile to correct root cert. 2024-11-05 13:39:13 +00:00			`le_fullchain="$le_dir/fullchain.pem"`
			`mosquitto_fullchain="$mosquitto_dir/certs/fullchain.pem"`
Replace cp+chown with install 2024-11-05 13:45:37 +00:00			`install -m 644 -o mosquitto -g root "$le_fullchain" "$mosquitto_fullchain"`
Add certbot deploy script for mosquitto 2024-10-10 08:13:04 +00:00
			`le_key="$le_dir/privkey.pem"`
			`mosquitto_key="$mosquitto_dir/certs/privkey.pem"`
Replace cp+chown with install 2024-11-05 13:45:37 +00:00			`install -m 600 -o mosquitto -g root "$le_key" "$mosquitto_key"`
Add certbot deploy script for mosquitto 2024-10-10 08:13:04 +00:00
			`# Tell mosquitto to reload certs`
			`pkill -x -HUP mosquitto`